BugTraq
Re: Woltlab Burning Board 2.3.X SQL Injection Vulnerability Sep 24 2006 08:48AM
x82_ bk ru
funny advisory.. ;)

Here is our fix:

-------------------------------------
if ($_GET['page'] < "0")
{
    $this->page = 1;
}
-------------------------------------

Add this near line 480 in function getPostIds()

And by the way this isn't critical, because intval is used before, not becaus...

Copyright 2010, SecurityFocus